Last week, I ran across an old scrapbook, full of little pieces from my past. As I meandered through the ticket stubs, cards and letters, each one dredged up memories and emotions I had packed away.
There was a stub from my first music concert, tickets to football games, a letter of acceptance to college and mementos from events the details of which were long gone. Some of the scraps went all the way back to my childhood, each holding its precious little cargo of memory.
Among the artifacts on those pages was my original green-and-white Mississippi driver’s license from 1980. Its edges were cracked and the print a little faded, but the plastic card was still pretty much intact. There was no photo; just the facts about my birthdate, my height and weight, my address and a few other nuggets of information. At the time, I gave no thought to the fact that my driver’s license number was the same as my Social Security number. In fact, almost no one did at the time.
But the use of the Social Security number has become a problem because it’s been used by criminals to commit identity theft. This week, one of the last major holdouts on using Social Security numbers on its cards has announced it’ll be phasing that practice out. The Center for Medicare and Medicaid Services, which runs the two programs, announced the Social Security numbers will be replaced soon for its 57.7 million Medicare recipients. The action is being taken to meet a Congress-imposed deadline to remove Social Security numbers on all Medicare cards by April 2019.
In place of than identifying information, each Medicare beneficiary will be assigned a new, randomly generated number called a Medicare Beneficiary Number, consisting of a mix of upper-and lower-case letters. CMS will start mailing out cards with the new numbers in April 2018, and says it will work to educate participants about how to destroy their old cards and keep their information private.
“We’re taking this step to protect our seniors from fraudulent use of Social Security numbers, which can lead to identity theft and illegal use of Medicare benefits,” CMS Administrator Seema Verma said in a news release. “We want to be sure that Medicare beneficiaries and health care providers know about these changes well in advance and have the information they need to make a seamless transition.”
Regulators, advocates and even members of Congress have urged CMS for many years to make the change, but it’s been long in coming. “The Social Security number is the key to identity theft, and thieves are having a field day with seniors’ Medicare cards,” Rep. Sam Johnson, R-Texas, told the New York Times in 2015.
CMS officials have cited a variety of reasons for the delays, including the refocusing of resources to implement Healthcare.gov, the website that registers participants for services provided under the Affordable Care Act.
Although their use for identity theft has exploded in the past few decades, Social Security numbers have never really been very secure. Although the number was designed for a specific purpose — identifying participants in the Social Security System set up in 1935 — it began to be used as a more general identifier. Since nearly every American citizen had one, it was considered a sort of universal ID number. Financial institutions began to use it, as did government agencies, businesses and organizations of all kinds.
It didn’t take long, though, for people with nefarious intentions to abuse the new Social Security numbers. According to the Social Security Administration, in 1938 a national newspaper ad for wallets made by the E.H. Feree Co. (and sold widely by Woolworth’s department store) featured an image of a Social Security card fitting into one of its wallets. The problem was that the picture contained the real Social Security number assigned to Hilda Whitcher, who was the secretary for E.H. Feree’s vice president and treasurer. By 1943, at least 5,755 people were using Whitcher’s number for their own, and at least 40,000 people eventually claimed it. Although Whitcher was soon assigned a different number, people kept using the old one until at least 1977.
A more recent, but equally notorious case is that of Lifelock Founder Todd Davis, who famously published his own Social Security number in ads, websites and even on billboards, daring criminals to try to use it to commit identity theft. At least 13 crooks successfully took him up on the offer, though (and many more tried). What started as a brazen publicity stunt turned into real losses for several companies that had to write off the uncollectable debt racked up by identity thieves.
Although the number of ID cards with Social Security numbers continues to decrease and Medicare recipients will no longer be exposed to this particular threat, the Social Security number will still continue to be used internally for a variety of purposes. (By the way, Mississippi stopped using Social Security numbers on Mississippi driver’s licenses long ago; Department of Public Safety spokesman Warren Strain told me the practice was discontinued during the mid-2000s.)
Protecting yourself from identity theft still requires a lot of vigilance and some caution. Social Security numbers are still a point of vulnerability. Often, people ask me whether they’re in danger carrying their Social Security card or other documents containing that number in their wallets or purses. Almost always, I relay the sage advice I got years ago: The best place to carry your Social Security number is in your head.